<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="zh-CN" lang="zh-CN">
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<meta name="viewport" content="width=device-width, initial-scale=1.0">
	<meta name="keywords" content="SecWiki，维基，安全，资讯，专题，导航，RSS聚合，Ｗeb安全，Ｗeb安全，移动平台，二进制安全，恶意分析，网络安全，设备安全，运维技术，编程技术，书籍推荐">
	<title>SecWiki周刊（第271期)</title>
	<link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/bootstrap.css"/>
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/styles.css" />
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/people.css" />
    <link rel="shortcut icon" href="https://secwiki.b0.upaiyun.com/img/favicon.ico">
	<meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <script src="//upcdn.b0.upaiyun.com/libs/jquery/jquery-1.8.3.min.js"></script>
</head>

<body>
<div class="navbar navbar-fixed-top"><div class="navbar-inner"><div class="container"><a class="btn btn-navbar" data-toggle="collapse" data-target="#yii_bootstrap_collapse_0"><span class="icon-bar"></span><span class="icon-bar"></span><span class="icon-bar"></span></a><a href="/index.php" class="brand"><img src="https://secwiki.b0.upaiyun.com/logo.jpg" alt="" /></a><div class="nav-collapse collapse" id="yii_bootstrap_collapse_0"><form class="navbar-search pull-right" action="/news/search">
         <input type="text" class="search-query span2" name="wd" placeholder="SecWiki">
        </form>
    	<ul id="yw0" class="nav"><li><a href="/index.php">首页</a></li><li><a href="/event">新闻</a></li><li><a href="/news">技术</a></li><li><a href="/skill">技能</a></li><li><a href="/topic">专题</a></li><li><a href="/book">书籍</a></li><li><a href="/user/members">成员</a></li><li><a href="/opml/index">聚合</a></li><li><a href="/tougao/create">投稿</a></li></ul></div></div></div></div>
<div class="container" id="page">
			<!-- breadcrumbs -->
	
    <div style="margin-left: 15px;">
	    <div class="row-fluid">
    <div id="content">
            <link rel="stylesheet" type="text/css" href="/css/mweekly.css"/>

<h5><strong>SecWiki周刊（第271期）</strong></h5>
<blockquote> 2019/05/06-2019/05/12</blockquote>
<section id="news">
    <div class="weeklydivide">
      <strong>安全资讯</strong>
    </div><div class="single"><span id="tags">[人物]&nbsp;&nbsp;</span>饿了么王彬：安全即是公平 实现要靠运营<br><a target="_blank" href="https://mp.weixin.qq.com/s/3UYObnoZV_g-AZFdSoxJLg">https://mp.weixin.qq.com/s/3UYObnoZV_g-AZFdSoxJLg</a></div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>FBI查获DeepDotWeb并逮捕其管理员<br><a target="_blank" href="https://nosec.org/home/detail/2564.html">https://nosec.org/home/detail/2564.html</a></div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>布拉格5G安全大会 “布拉格提案”<br><a target="_blank" href="https://mp.weixin.qq.com/s/sktQAoNeE-3na9lBPm9nzg">https://mp.weixin.qq.com/s/sktQAoNeE-3na9lBPm9nzg</a></div><div class="single"><span id="tags">[事件]&nbsp;&nbsp;</span>三星泄露SmartThings应用程序源代码和密钥<br><a target="_blank" href="https://nosec.org/home/detail/2565.html">https://nosec.org/home/detail/2565.html</a></div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>汉堡王的儿童网上商店泄露数万条顾客信息<br><a target="_blank" href="https://nosec.org/home/detail/2566.html">https://nosec.org/home/detail/2566.html</a></div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>情报指挥中心加入公安部直属机关序列<br><a target="_blank" href="https://mp.weixin.qq.com/s/ULHbGTI1YosdZG23aAE4Qw">https://mp.weixin.qq.com/s/ULHbGTI1YosdZG23aAE4Qw</a></div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>赛门铁克公司加入美国防部的网络威胁情报共享项目<br><a target="_blank" href="https://mp.weixin.qq.com/s/tHjveTuc1bi0TxmJKwMoGw">https://mp.weixin.qq.com/s/tHjveTuc1bi0TxmJKwMoGw</a></div></section><section id="news">
    <div class="weeklydivide">
      <strong>安全技术</strong>
    </div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>浅谈入侵溯源过程中的一些常见姿势<br><a target="_blank" href="https://www.freebuf.com/articles/network/202168.html">https://www.freebuf.com/articles/network/202168.html</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>从攻守日志 看网络江湖的快意恩仇<br><a target="_blank" href="http://blog.nsfocus.net/looking-at-the-network-rivers-and-lakes-from-the-attack-and-defense-logs/">http://blog.nsfocus.net/looking-at-the-network-rivers-and-lakes-from-the-attack-and-defense-logs/</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>HTTPDecrypt: 利用HTTP协议 远程加解密数据包，实现Burp一条龙服务<br><a target="_blank" href="https://github.com/lyxhh/lxhToolHTTPDecrypt">https://github.com/lyxhh/lxhToolHTTPDecrypt</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>Android安全的思维导图<br><a target="_blank" href="https://bbs.pediy.com/thread-251061.htm">https://bbs.pediy.com/thread-251061.htm</a></div><div class="single"><span id="tags">[书籍]&nbsp;&nbsp;</span>免费的计算机编程类中文书籍<br><a target="_blank" href="https://github.com/justjavac/free-programming-books-zh_CN">https://github.com/justjavac/free-programming-books-zh_CN</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>EL3 Tour: Get the Ultimate Privilege of Android Phone<br><a target="_blank" href="https://speakerdeck.com/hhj4ck/el3-tour-get-the-ultimate-privilege-of-android-phone">https://speakerdeck.com/hhj4ck/el3-tour-get-the-ultimate-privilege-of-android-phone</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>如何入侵基于RMI的JMX服务<br><a target="_blank" href="https://nosec.org/home/detail/2544.html">https://nosec.org/home/detail/2544.html</a></div><div class="single"><span id="tags">[杂志]&nbsp;&nbsp;</span>SecWiki周刊（第270期)<br><a target="_blank" href="https://www.sec-wiki.com/weekly/270">https://www.sec-wiki.com/weekly/270</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>使用Suricata和ELK进行流量检测<br><a target="_blank" href="https://zhuanlan.zhihu.com/p/64742715">https://zhuanlan.zhihu.com/p/64742715</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>代理蜜罐的开发与应用实战<br><a target="_blank" href="https://www.freebuf.com/articles/network/202310.html">https://www.freebuf.com/articles/network/202310.html</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>SSH Honey Keys<br><a target="_blank" href="https://kulinacs.com/ssh-honey-keys/">https://kulinacs.com/ssh-honey-keys/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>XMLDecoder解析流程分析<br><a target="_blank" href="https://mp.weixin.qq.com/s/FupNkLOOWAabvnC3Yob_uw">https://mp.weixin.qq.com/s/FupNkLOOWAabvnC3Yob_uw</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>2600万TRX被盗背后的罗生门<br><a target="_blank" href="https://mp.weixin.qq.com/s/aInEaYdS9X7HP7FbzWl6AQ?from=timeline">https://mp.weixin.qq.com/s/aInEaYdS9X7HP7FbzWl6AQ?from=timeline</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>SonarQube+DependencyCheck实现第三方依赖安全扫描<br><a target="_blank" href="https://bloodzer0.github.io/ossa/other-security-branch/devsecops/sdc/">https://bloodzer0.github.io/ossa/other-security-branch/devsecops/sdc/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>The XSS challenge that +100k people saw but only 90 solved<br><a target="_blank" href="https://blog.intigriti.com/2019/05/06/intigriti-xss-challenge-1/">https://blog.intigriti.com/2019/05/06/intigriti-xss-challenge-1/</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span> Broadcom无线芯片组的逆向分析之旅<br><a target="_blank" href="https://nosec.org/home/detail/2540.html">https://nosec.org/home/detail/2540.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>网络安全通识（一）网络安全存在的理由：在线第一<br><a target="_blank" href="https://www.sec-un.org/%E7%BD%91%E7%BB%9C%E5%AE%89%E5%85%A8%E9%80%9A%E8%AF%86%EF%BC%88%E4%B8%80%EF%BC%89%E7%BD%91%E7%BB%9C%E5%AE%89%E5%85%A8%E5%AD%98%E5%9C%A8%E7%9A%84%E7%90%86%E7%94%B1%EF%BC%9A%E5%9C%A8%E7%BA%BF%E7%AC%AC/">https://www.sec-un.org/%E7%BD%91%E7%BB%9C%E5%AE%89%E5%85%A8%E9%80%9A%E8%AF%86%EF%BC%88%E4%B8%80%EF%BC%89%E7%BD%91%E7%BB%9C%E5%AE%89%E5%85%A8%E5%AD%98%E5%9C%A8%E7%9A%84%E7%90%86%E7%94%B1%EF%BC%9A%E5%9C%A8%E7%BA%BF%E7%AC%AC/</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>Watermark: 网页添加水印的库<br><a target="_blank" href="https://github.com/YanxinTang/Watermark">https://github.com/YanxinTang/Watermark</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Browser、Mitigation 、Kernel 等漏洞利用相关研究<br><a target="_blank" href="https://github.com/yeyintminthuhtut/Awesome-Advanced-Windows-Exploitation-References">https://github.com/yeyintminthuhtut/Awesome-Advanced-Windows-Exploitation-References</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>聊聊安全测试中如何快速搞定Webshell<br><a target="_blank" href="https://www.freebuf.com/articles/web/201421.html">https://www.freebuf.com/articles/web/201421.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Hack The Box - BigHead<br><a target="_blank" href="https://0xrick.github.io/hack-the-box/bighead/">https://0xrick.github.io/hack-the-box/bighead/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>利用ASP.NET中的x-up-devcap-post-charset请求头绕过Web防火墙<br><a target="_blank" href="https://nosec.org/home/detail/2556.html">https://nosec.org/home/detail/2556.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Exploring Mimikatz - Part 1<br><a target="_blank" href="https://blog.xpnsec.com/exploring-mimikatz-part-1/">https://blog.xpnsec.com/exploring-mimikatz-part-1/</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>SSH 登陆问题及排查思路<br><a target="_blank" href="https://www.infoq.cn/article/pqU7iMf8cHpz-RNLOslJ">https://www.infoq.cn/article/pqU7iMf8cHpz-RNLOslJ</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>An Old Cisco OpenSSH Bug<br><a target="_blank" href="https://medium.com/tenable-techblog/an-old-cisco-openssh-bug-342ce6679f61">https://medium.com/tenable-techblog/an-old-cisco-openssh-bug-342ce6679f61</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Throwing 500 vm’s at your fuzzing target being an individual security researcher<br><a target="_blank" href="https://kciredor.com/throwing-500-vms-fuzzing-target-individual-security-researcher.html">https://kciredor.com/throwing-500-vms-fuzzing-target-individual-security-researcher.html</a></div><div class="single"><span id="tags">[比赛]&nbsp;&nbsp;</span>2019 虎鲸杯电子取证大赛赛后复盘总结<br><a target="_blank" href="https://www.anquanke.com/post/id/177714">https://www.anquanke.com/post/id/177714</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>2600万TRX被盗背后的罗生门 - 第二集<br><a target="_blank" href="https://mp.weixin.qq.com/s/9Cl6-ZmAi-U3Qi6cPVZJxQ?from=timeline">https://mp.weixin.qq.com/s/9Cl6-ZmAi-U3Qi6cPVZJxQ?from=timeline</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>如何攻击Mirai僵尸网络（及其变种）的控制服务器？<br><a target="_blank" href="https://nosec.org/home/detail/2558.html">https://nosec.org/home/detail/2558.html</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>金融风控反欺诈之图算法<br><a target="_blank" href="https://www.infoq.cn/article/C99whYfeGILp1W*M75cl">https://www.infoq.cn/article/C99whYfeGILp1W*M75cl</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>Exploit for CVE-2019-9810 Firefox on Windows 64 bits<br><a target="_blank" href="https://github.com/0vercl0k/CVE-2019-9810">https://github.com/0vercl0k/CVE-2019-9810</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>x-up-devcap-post-charset Header in ASP.NET to Bypass WAFs Again!<br><a target="_blank" href="https://soroush.secproject.com/blog/2019/05/x-up-devcap-post-charset-header-in-aspnet-to-bypass-wafs-again/">https://soroush.secproject.com/blog/2019/05/x-up-devcap-post-charset-header-in-aspnet-to-bypass-wafs-again/</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>tetanus: Helper script for mangling CS payloads<br><a target="_blank" href="https://github.com/secgroundzero/tetanus">https://github.com/secgroundzero/tetanus</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Unpacking Redaman Malware &amp; Basics of Self-Injection Packers<br><a target="_blank" href="https://liveoverflow.com/unpacking-buhtrap-malware-basics-of-self-injection-packers-ft-oalabs-2/">https://liveoverflow.com/unpacking-buhtrap-malware-basics-of-self-injection-packers-ft-oalabs-2/</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>itops: 基于Python + Django的AD\Exchange管理系统<br><a target="_blank" href="https://github.com/openitsystem/itops?from=timeline">https://github.com/openitsystem/itops?from=timeline</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>Open Source SIRP with Elasticsearch and TheHive<br><a target="_blank" href="https://arnaudloos.com/2019/open-source-sirp-overview/">https://arnaudloos.com/2019/open-source-sirp-overview/</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Command injection by setting a custom search engine<br><a target="_blank" href="https://hackerone.com/reports/497312">https://hackerone.com/reports/497312</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Malicious DLL execution using Apple&#039;s APSDaemon.exe signed binary<br><a target="_blank" href="https://0x00sec.org/t/malicious-dll-execution-using-apples-apsdaemon-exe-signed-binary/13409">https://0x00sec.org/t/malicious-dll-execution-using-apples-apsdaemon-exe-signed-binary/13409</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Using Win95 kernel32.dll exports like a virus<br><a target="_blank" href="https://log.vexation.ca/2019/04/using-win95-kernel32dll-exports-like.html?m=1">https://log.vexation.ca/2019/04/using-win95-kernel32dll-exports-like.html?m=1</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>“不可破解”生物识别USB通过纯文本传输密码<br><a target="_blank" href="https://nosec.org/home/detail/2567.html">https://nosec.org/home/detail/2567.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Exploiting Logic Bugs in JavaScript JIT Engines<br><a target="_blank" href="http://phrack.org/papers/jit_exploitation.html">http://phrack.org/papers/jit_exploitation.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Taking Control of VMware Through the Universal Host Controller Interface: Part 1<br><a target="_blank" href="https://www.zerodayinitiative.com/blog/2019/5/7/taking-control-of-vmware-through-the-universal-host-controller-interface-part-1">https://www.zerodayinitiative.com/blog/2019/5/7/taking-control-of-vmware-through-the-universal-host-controller-interface-part-1</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Looking inside the box<br><a target="_blank" href="https://anvilventures.com/blog/looking-inside-the-box.html">https://anvilventures.com/blog/looking-inside-the-box.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Hijacking browser TLS traffic through Client Domain Hooking<br><a target="_blank" href="https://blog.duszynski.eu/hijacking-browser-tls-traffic-through-client-domain-hooking/">https://blog.duszynski.eu/hijacking-browser-tls-traffic-through-client-domain-hooking/</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>Comprehensive walkthrough of the LTDH19 RE challenges<br><a target="_blank" href="https://blog.syscall.party/post/ltdh-re-walkthrough/">https://blog.syscall.party/post/ltdh-re-walkthrough/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>How to Reverse Malware on macOS Without Getting Infected | Part 1<br><a target="_blank" href="https://www.sentinelone.com/blog/how-to-reverse-macos-malware-part-one/">https://www.sentinelone.com/blog/how-to-reverse-macos-malware-part-one/</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>基于统计分析的ICMP隧道检测方法与实现<br><a target="_blank" href="https://www.freebuf.com/articles/network/202634.html">https://www.freebuf.com/articles/network/202634.html</a></div><div class="single"><span id="tags">[无线安全]&nbsp;&nbsp;</span>Feathering for SSIDs<br><a target="_blank" href="https://medium.com/@elkentaro/feathering-for-ssids-bd69ad41165a">https://medium.com/@elkentaro/feathering-for-ssids-bd69ad41165a</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Finding Registry Malware Persistence with RECmd<br><a target="_blank" href="https://digital-forensics.sans.org/blog/2019/05/07/malware-persistence-recmd/">https://digital-forensics.sans.org/blog/2019/05/07/malware-persistence-recmd/</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>知识图谱怎么入门<br><a target="_blank" href="https://zhuanlan.zhihu.com/p/65457826">https://zhuanlan.zhihu.com/p/65457826</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>write-after-free vulnerability in Firefox, Analysis and Exploitation<br><a target="_blank" href="https://news.sophos.com/en-us/2019/04/18/protected-cve-2018-18500-heap-write-after-free-in-firefox-analysis-and-exploitation/">https://news.sophos.com/en-us/2019/04/18/protected-cve-2018-18500-heap-write-after-free-in-firefox-analysis-and-exploitation/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>关于请教问题、一些圈子以及简历<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzU2NzkwNTQxNg==&amp;mid=2247483719&amp;idx=1&amp;sn=1f68582237b3ece6f07bdf3be60fc1ec&amp;chksm=fc975ca0cbe0d5b65824d2ec0bf2b11a2d26d69f6935371c73114db689fc3a56a13eeb6eeefb&amp;token=1697253642&amp;lang=zh_CN#rd">https://mp.weixin.qq.com/s?__biz=MzU2NzkwNTQxNg==&amp;mid=2247483719&amp;idx=1&amp;sn=1f68582237b3ece6f07bdf3be60fc1ec&amp;chksm=fc975ca0cbe0d5b65824d2ec0bf2b11a2d26d69f6935371c73114db689fc3a56a13eeb6eeefb&amp;token=1697253642&amp;lang=zh_CN#rd</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Eight Devices, One Exploit <br><a target="_blank" href="https://medium.com/tenable-techblog/eight-devices-one-exploit-f5fc28c70a7c">https://medium.com/tenable-techblog/eight-devices-one-exploit-f5fc28c70a7c</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>聊聊服务稳定性保障这些事<br><a target="_blank" href="https://www.infoq.cn/article/69TYjy_v9u4FxXNUk2gK">https://www.infoq.cn/article/69TYjy_v9u4FxXNUk2gK</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>Security Data Science Learning Resources<br><a target="_blank" href="https://medium.com/@jason_trost/security-data-science-learning-resources-8f7586995040">https://medium.com/@jason_trost/security-data-science-learning-resources-8f7586995040</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Tale of a Wormable Twitter XSS<br><a target="_blank" href="https://www.virtuesecurity.com/tale-of-a-wormable-twitter-xss/">https://www.virtuesecurity.com/tale-of-a-wormable-twitter-xss/</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>wpbullet: A static code analysis for WordPress (and PHP)<br><a target="_blank" href="https://github.com/webarx-security/wpbullet">https://github.com/webarx-security/wpbullet</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>From zero to tfp0 - Part 2: Walkthrough of the voucher_swap exploit<br><a target="_blank" href="https://www.darkmatter.ae/papers-articles/from-zero-to-tfp0-part-2-a-walkthrough-of-the-voucher_swap-exploit/">https://www.darkmatter.ae/papers-articles/from-zero-to-tfp0-part-2-a-walkthrough-of-the-voucher_swap-exploit/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span> Cisco Talos报告Alpine Linux Docker镜像中的硬编码凭据<br><a target="_blank" href="https://nosec.org/home/detail/2568.html">https://nosec.org/home/detail/2568.html</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>Vulmap: Vulmap Online Local Vulnerability Scanners Project<br><a target="_blank" href="https://github.com/vulmon/Vulmap">https://github.com/vulmon/Vulmap</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>From Zero to tfp0 - Part 1: Prologue<br><a target="_blank" href="https://www.darkmatter.ae/papers-articles/from-zero-to-tfp0-part-1-prologue/">https://www.darkmatter.ae/papers-articles/from-zero-to-tfp0-part-1-prologue/</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>response: Monzo&#039;s real-time incident response and reporting tool <br><a target="_blank" href="https://github.com/monzo/response">https://github.com/monzo/response</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>2019 Data Breach Investigations Report<br><a target="_blank" href="https://enterprise.verizon.com/resources/reports/2019-data-breach-investigations-report.pdf">https://enterprise.verizon.com/resources/reports/2019-data-breach-investigations-report.pdf</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>Bashter: Web Crawler, Scanner, and Analyzer Framework (Shell-Script based)<br><a target="_blank" href="https://github.com/zerobyte-id/Bashter">https://github.com/zerobyte-id/Bashter</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Detailed Analysis of macOS Vulnerability CVE-2019-8507<br><a target="_blank" href="https://www.fortinet.com/blog/threat-research/detailed-analysis-mac-os-vulnerability-cve-2019-8507.html">https://www.fortinet.com/blog/threat-research/detailed-analysis-mac-os-vulnerability-cve-2019-8507.html</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>Android Application Diffing: CVE-2019-10875 Inspection<br><a target="_blank" href="https://blog.quarkslab.com/android-application-diffing-cve-2019-10875-inspection.html">https://blog.quarkslab.com/android-application-diffing-cve-2019-10875-inspection.html</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>ExtAnalysis: Browser Extension Analysis Framework<br><a target="_blank" href="https://github.com/Tuhinshubhra/ExtAnalysis">https://github.com/Tuhinshubhra/ExtAnalysis</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>D-Link camera vulnerability allows attackers to tap into the video stream<br><a target="_blank" href="https://www.welivesecurity.com/2019/05/02/d-link-camera-vulnerability-video-stream/">https://www.welivesecurity.com/2019/05/02/d-link-camera-vulnerability-video-stream/</a></div><div class="single"><span id="tags">[比赛]&nbsp;&nbsp;</span>CTF线下攻防指南 <br><a target="_blank" href="http://blog.nsfocus.net/ctf-off-line-attack-defense-guidelines/">http://blog.nsfocus.net/ctf-off-line-attack-defense-guidelines/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>List of Awesome Asset Discovery Resources<br><a target="_blank" href="https://github.com/redhuntlabs/Awesome-Asset-Discovery">https://github.com/redhuntlabs/Awesome-Asset-Discovery</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>我的CSP绕过思路及总结<br><a target="_blank" href="https://xz.aliyun.com/t/5084">https://xz.aliyun.com/t/5084</a></div></section>
<section id="news">
        <pre style="margin-top: 15px; margin-bottom: 15px; padding: 6px 10px; max-width: 100%; color: rgb(62, 62, 62); background-color: rgb(255, 255, 255); -webkit-print-color-adjust: exact; border-width: 1px; border-style: solid; border-color: rgb(204, 204, 204); font-size: 13px; line-height: 19px; overflow: auto; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;"><code class="" style="max-width: 100%; -webkit-print-color-adjust: exact; border-width: initial; border-style: none; border-color: initial; background-color: transparent; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;">-----微信ID：SecWiki-----
SecWiki，5年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com</code></pre>
    <p style="max-width: 100%; min-height: 1em; color: rgb(62, 62, 62); font-size: 16px; white-space: normal; background-color: rgb(255, 255, 255); box-sizing: border-box !important; word-wrap: break-word !important;"><span style="max-width: 100%; font-size: 14px; box-sizing: border-box !important; word-wrap: break-word !important;">本期原文地址:<span style="max-width: 100%; font-family: Helvetica, arial, sans-serif; box-sizing: border-box !important; word-wrap: break-word !important;">&nbsp;<a href="https://www.sec-wiki.com/weekly/271">SecWiki周刊(第271期)</a></span><br style="max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important;"></span></p>
</section>
    </div><!-- content -->
</div>
    </div>
</div>

<div id="footer" class="footer">
		<div class="container"  style="margin-top: 5px;">
			<div class="span3">
				<div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/index">最新公告</a>						<span class="line"></span>
					</h5>
					<p>
						<a href='http://www.sec-wiki.com/about/donate'>2016-01-01 打赏功能开通</a><br>
						<a href='http://www.sec-wiki.com/about/join'>2015-01-05 如何加入SecWiki</a><br>
						<a href='http://www.sec-wiki.com/about/submit'>2014-08-08 如何快捷提交资讯</a><br>
						<a href='http://www.sec-wiki.com/about/index'>2012-07-01 关于SecWiki</a><br>
				</div>
			</div>

			<div class="span5">
				<div class="one-third column">
					<h5 class="title">
						<a target="_blank" href="/nav/index">友情链接</a>						<span class="line"></span>
					</h5>
					<p>
						<a href='https://www.secsilo.com/'>安全沙漏</a>&nbsp;
						<a href='http://www.freebuf.com/'>Freebuf</a>&nbsp;
						<a href='http://www.anquanquan.info/'>安全圈</a>&nbsp;
						<a href='http://navisec.it/'>Navisec</a>&nbsp;
                        <a href='http://das.scusec.org'>小黑屋</a>&nbsp;
                        <a href='http://www.polaris-lab.com/'>勾陈Lab</a>
                        <br>
						<a href='http://www.ijiandao.com'>网络尖刀</a>&nbsp;
                        <a href='http://www.shellpub.com/'>ShellPub</a>&nbsp;
                        <a href='http://www.secpulse.com/?secwiki'>SecPulse</a>&nbsp;
                        <a href='https://www.secquan.org/'>圈子</a>
                        <a href='http://bluereader.org/'>深蓝阅读</a>&nbsp;<br>
                        <a href='http://www.bugbank.cn/'>漏洞银行</a>
                        <a href='http://bobao.360.cn/'>安全客</a>
                        <a href='http://www.secfree.com/'>指尖安全</a>
                        <a href='https://www.easyaq.com/'>E安全</a>
                        <a href='http://www.vipread.com/'>安全slide</a>

                        <a href="/link">更多</a>
					</p>
				</div>
			</div>

			<div class="span2">
			    <div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/index">SecWiki公众号</a>						<span class="line"></span>
					</h5>
					<div style="margin-top:15px; width: 90px; height: 90px;">
						<img src="https://secwiki.b0.upaiyun.com/weixin.jpg">
					</div>
				</div>
			</div>

			<div class="span2">
				<div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/donate">安全学术圈</a>					<span class="line"></span>
					</h5>
					<div style="margin-top:15px; width: 90px; height: 90px;">
						<img src="https://secwiki.b0.upaiyun.com/secquan.jpg">
					</div>
				</div>
			</div>

		</div>
		<div class="container" style="margin-top:5px;margin-bottom: 10px;">
			<div class="span9">
					Copyright &copy;
					2019                    琼ICP备16003361号-4
                    SecWiki
					<a href="/news/rss">
						<img src="/img/rss.gif" border="0" width="36px" height="14px" alt="订阅SecWiki">
					</a>
					<a href="https://www.upyun.com/">
						<img src="https://secwiki.b0.upaiyun.com/upyun.png" width="80" border="0" alt="UPYUN">
					</a>
					<a href="http://www.vultr.com/?ref=6885244">
						<img src="https://secwiki.b0.upaiyun.com/vultr.png" width="100" border="0" alt="vultr">
					</a>&nbsp;&nbsp;
			</div>
		</div>
</div><!-- footer -->
<div id="csswithjs">
        <script type="text/javascript">
            var _bdhmProtocol = (("https:" == document.location.protocol) ? " https://" : " http://");
            document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3Fbad84ea1f314383f8da7949aad5c2199' type='text/javascript'%3E%3C/script%3E"));
    </script>
</div>
<script type="text/javascript" src="https://secwiki.b0.upaiyun.com/js/bs.min.js"></script>
<script type="text/javascript">
/*<![CDATA[*/
jQuery(function($) {
jQuery('[data-toggle=popover]').popover();
jQuery('body').tooltip({"selector":"[data-toggle=tooltip]"});
jQuery('#yii_bootstrap_collapse_0').collapse({'parent':false,'toggle':false});
});
/*]]>*/
</script>
</body>
<!-- page -->
</html>
